AvidXchange

Senior Application Security Engineer


Pay: Competitive
Location: Remote
Employment type: Full-Time

This job is now closed

  • Job Description

      Req#: 5034

      Senior Application Security Engineer

      AvidXchange Charlotte NC, 1210 AvidXchange Ln., Charlotte, North Carolina, United States of America ● AvidXchange Houston TX, 2100 Travis St., Houston, Texas, United States of America ● AvidXchange Sandy UT, 111 E Sego Lily Dr., Sandy, Utah, United States of America ● Virtual Req #5034
      Monday, November 20, 2023

      About Us

      AvidXchange is a dynamic and innovative technology-driven B2B payments organization seeking a highly skilled and motivated Senior Application Security Engineer to join our team. Our company values collaboration, creativity, and excellence in delivering cutting-edge solutions to our customers. As an Application Engineer embedded within our Agile development teams, you will play a crucial role in ensuring the security and integrity of our applications, systems, and data. While working closely with cross-functional Agile teams, you will report directly to the Information Security Application Security Team to act as a liaison and subject matter expert aligning efforts across the broader security strategy.

      What you'll do

      • Conduct thorough security assessments of our applications, identifying vulnerabilities and providing actionable recommendations for mitigation.
      • Collaborate with development teams to integrate security best practices into the software development lifecycle (SDLC).
      • Design and implement secure software architectures, ensuring that security is an integral part of the development process.
      • Perform regular security code reviews to identify and address security issues in both new and existing code.
      • Lead and mentor junior members of the application security team, fostering a culture of security awareness and collaboration.
      • Stay abreast of the latest security trends, vulnerabilities, and technologies to proactively address emerging threats.
      • Work closely with cross-functional teams, including development, operations, and quality assurance, to ensure a holistic approach to application security.
      • Develop and maintain documentation related to application security policies, procedures, and best practices.
      • Respond to and mitigate security incidents, conducting post-incident analysis to improve incident response processes.
      • Collaborate with external security partners, vendors, and industry groups to stay informed about the latest security developments and best practices.

      What we're looking for

      • 10+ years of experience in a software development role such as Software Developer, Architect, Software Quality Assurance, or Application Security Engineer with a good understanding of Application Security.
      • Security certifications such as CISSP, CSSLP, GWEB, or other web application security certifications with relevance such as CEH, OSCP, or similar.
      • Deep understanding of application security, security principles and development practices.
      • In-depth knowledge of web application vulnerabilities (OWASP Top 10) and security best practices.
      • Proficiency in programming languages such as Java, C#, Python, or others.
      • Knowledge of WCF, AJAX, HTML, ESB (Neuron a plus), SSIS/TSQL, jQuery.
      • Experience with cloud computing, AWS, GCP, Microsoft Azure platforms, and logic apps.
      • Knowledge of common web application security flaws and secure coding practices, and the ability to clearly explain security issues to project and development staff.
      • Ability to conduct risk assessments, develop mitigation strategies, and ensure compliance with relevant regulations and standards.
      • Leadership experience, including the ability to lead and mentor a team of security professionals.
      • Excellent written and verbal communication skills, with the ability to convey complex security concepts to technical and non-technical stakeholders.

      Preferred

      • Understanding of agile development practices, and how to integrate security into those practices.
      • Bachelor's or Master's degree in Computer Science, Information Security, or a related field.
      • Knowledge of one of the following: Aurelia, Angular, Vue.js or KendoUI
      • Experience with SQL Server (2012+) including stored procedures, indexes, functions, and triggers.
      • Experience with PCI compliance.
      • Experience integrating security into the SDLC, and familiarity with DevSecOps practices and tools.
      • Experience with using security testing tools (Fortify/WebInspect/Burp Suite or similar).
      • Commitment to continuous learning and professional development.

      Join our team and make a difference!

      In this critical role, you will have the opportunity to contribute to the organization's security posture while fostering an agile and innovative development environment. If you are passionate about security, possess strong technical skills, and thrive in a collaborative and dynamic setting, we invite you to apply for this exciting opportunity.

      About AvidXchange

      AvidXchange is a leading provider of accounts payable (“AP”) automation software and payment solutions for middle-market businesses and their suppliers. By trade, we are a technology company, but if you ask anyone who works here, they’ll tell you our people are at the core of who we are. We focus on creating a culture of Diversity, Inclusion & Belonging, and are proud to be a safe place where teammates can bring their whole selves to work. At AvidXchange, mindset is everything. We are Connected as People, Growth Minded, and Customer Obsessed. These three mindsets represent our culture – who we are, who we’ve always been, and they guide us to improve every day. Since our founding in 2000 in Charlotte, NC, we’ve created a company of over 1,600 teammates working in one of our 5 offices across the U.S., or remotely. AvidXchange is proud to be Certified™ as a Great Place to Work®. The prestigious recognition is based on anonymous data from our teammates and makes official what our teammates have known for years – that AvidXchange is a Great Place to Work®.


      Who you are:

      • A go-getter with an entrepreneurial mindset – that means you are not afraid of taking risks, winning big or facing the unknown.
      • Someone who understands that business is people centric. Connecting with others as humans first allows you to develop mutually beneficial working relationships.
      • Focused on making a difference for our customers. AvidXchange exists to help solve complex problems for our customers so we can all realize our potential.


      What you’ll get:

      AvidXchange teammates (we call them AvidXers) get the perks and prestige of a publicly traded tech company paired with the flexibility of a founder-led startup. We help our AvidXers develop as professionals and as human beings, providing work/life balance, development programs, competitive benefits and equity options. At AvidXchange, we are building more than a tech company – we are building an experience. We remain committed to a culture where you can fully be ‘you’ – connected with others, chasing big goals, and making a meaningful impact. If you want to help us grow while realizing your potential and creating stories you’ll tell for years, you’ve come to the right place.


      AvidXers enjoy:

      • 18 days PTO*
      • 11 Holidays (8 company recognized & 3 floating holidays)
      • 16 hours per year of paid Volunteer Time Off (VTO)
      • Competitive Healthcare
        • High Deductible Health Plan Option that has $0 monthly premium for teammate-only coverage
        • 100% AvidXchange paid Dental Base Plan Coverage
        • 100% AvidXchange paid Life Insurance
        • 100% AvidXchange paid Long-Term Disability
        • 100% AvidXchange paid Short-Term Disability
        • Employee Assistance Program (EAP) - Provides counseling services, legal and financial consultations and health advocacy for Teammates and their eligible dependents
        • Onsite Health Clinic with Atrium Health** - available to Teammates and their eligible dependents
      • Retirement 401k Match up to 4%
      • Parental Leave: 8 weeks 100% paid by AvidXchange***
      • Discounts on Pet, Home, and Auto insurance
      • BrightDime Financial Wellness Tool, offered free to teammates
      • WeeCare Childcare Service: helps teammates find affordable daycare, childcare, and tutors 40% less expensive than traditional daycare centers
      • Perks at Work: free discount program that provides teammates the opportunity to save on items from electronics, movie tickets, car buying, vacations, and more
      • Onsite gym fitness center, yoga studio, and basketball court****
      • Tuition Reimbursement up to the federal maximum of $5,250*****
      • Hybrid Workplace Flexibility
      • Free parking

      *Fully granted from beginning of year, pro-rated if hired mid-year

      **Charlotte location only

      ***Must be full-time for at least 3 months
      ****Charlotte location only
      *****Must be full-time for at least one year


      Equal Employment Opportunity

      AvidXchange is an equal opportunity employer. AvidXchange is committed to equal employment opportunity in accordance with applicable federal, state, and local laws. AvidXchange will not discriminate against applicants for employment on any legally recognized basis. This includes, but is not limited to veteran status, race, color, religion, sex, sexual orientation, gender identity, gender expression, national origin, age and physical or mental disability.

      Other details

      • Job Family: Information Technology
      • Job Function: IT Security
      • Pay Type: Salary
      • Employment Indicator: Professional
  • About the company

      AvidXchange helps middle-market businesses automate the accounts payable process to boost efficiency, accuracy and speed.